Confessions of the QSA: An Introduction to the Payment Card Industry Data Security Standard

 

As most in the industry know, a QSA must get certified by the PCI Security Standards Security Council to audit merchants for Payment Card Industry Data Security Standard (PCI DSS) compliance. Created in 2004 by major credit card brands, such as Visa and American Express, the council acts as a form of self-regulation.

So, how did Weaver become an expert on PCI, and what types of solutions does it offer its clients?

On this episode of Weaver: Beyond The Numbers, host Tyler Kern talked with Trip Hillman, Director of Cyber Security Services at Weaver, and Kyle Morris, Manager of IT at Advisory Services at Weaver. The trio dug into insights from Weaver’s Quality Security Assessor and explored how Weaver dove headfirst into PCI.

The PCI DSS applies to organizations that store, process, transmit or could affect the security of cardholder data. Companies that fall under this standard could do a variety of things, such as an annual self-assessment questionnaire, or bring in a third-party, independent QSA to do a full-blown report on compliance audit.

Morris is a QSA and started at Weaver about eight years ago. A few years into his career, they had a client, a service provider, start getting asked by their customers if they knew anything about PCI and the report on compliance. At the time, they hadn’t done anything with it, but decided to figure it out. That morphed into Weaver diving headfirst into PCI.

“We help people with self-assessment questionnaires or SAQs and everything from full-on ROCs for Fortune 50 Cloud Providers to small merchants to SaaS solutions,” Morris said.

Follow us on social media for the latest updates in B2B!

Image

Latest

community
Bringing Community into the Transformation of K-12 Schools: The Impact of Mentors, Local Voices, and Student Entrepreneurs
July 24, 2025

As K-12 schools across the U.S. struggle to recover from the learning loss and emotional fallout of the pandemic, a deeper reckoning is underway—one that challenges the very foundation of who’s responsible for educating our children. Despite billions in federal relief, a third of U.S. students are not even reading at a basic level…

Read More
9 Proven User-Generated Content Strategies That Actually Work
July 24, 2025

User-generated content has become the backbone of modern marketing—but most advice focuses on theory rather than execution. We asked nine marketing leaders who’ve built successful UGC programs to share exactly how they do it, what works, and what doesn’t. Here’s what we learned from their real-world experience. Start With Direct Customer Outreach Kyle Bernard, who…

Read More
Blending Intuition and Metrics to Elevate Sterile Processing
Smarter Sterile Processing Starts with Data—Boosting Efficiency, Cutting Costs, and Improving Patient Care
July 24, 2025

In a healthcare ecosystem increasingly driven by data, sterile processing departments (SPDs) find themselves at a crossroads—balancing precision and pace, safety and speed. As hospitals look to reduce inefficiencies and protect patient safety, analytics tools are transforming sterile processing from an often overlooked backroom function into a vital, data-enhanced frontline of care. Research shows…

Read More
college success
Freshman Year Survival Guide: How Overlooked High School Lessons Lead to College Success
July 24, 2025

Nobody warns you that college success isn’t just about brains — it’s about balance, too. In this refreshingly honest episode of Professional Quotient: Conversations that Build Equity, hosted by Jason Winningham, high school teacher Jacob Mutchler reunites with two of his former students, Lilly Salcedo and Oscar Davila, to reflect on what really mattered…

Read More